Due to the new European data protection law, we need your consent before you use our website:

We use cookies and other technologies to customize your experience, perform analytics and deliver
personalized advertising on our sites, apps and newsletters and across the Internet based on your
interests. By clicking “I agree” below, you consent to the use by us and our third-party partners of
cookies and data gathered from your use of our platforms. See our Privacy Policy
and Third Party Partners to learn
more about the use of data and your rights. You also agree to our
Terms of Service.

Ticketfly is back online after a hack exposed about 27 million accounts. Here’s what you need to know.

The 9:30 Club in Washington was among the venues affected by the Ticketfly “cyber incident.” (9:30 Club)

This post has been updated.

Ticketfly was back up and running Wednesday night, about a week after a “malicious cyber attack” waylaid the concert and sporting-event ticketing website and exposed the data of “approximately 27 million” accounts, the company said in a statement Thursday morning.

Users’ names, phone numbers, addresses and email addresses connected to the accounts were accessed in the hack, but financial information like credit and debit card numbers were not, according to Eventbrite, the San Francisco-based company that owns Ticketfly.

During the past week, the company has slowly reintroduced aspects of its website.

The breach occurred last Thursday, when a hacker using the handleIsHaKdZ replaced the website’s homepage with an image of the character V from the 2005 film “V for Vendetta.” The character is a British anarchist who wears a Guy Fawkes mask and violently protests the fascist government in a fictional portrayal of Britain.

Under this image was the hacker’s email address and a message: “Your Security Down im Not Sorry. Next time I will publish database ‘backstage.’ ”

The breach caused headaches for venues across the country that primarily rely on digital ticketing.

“Due to the current Ticketfly outage, we ask that you please print your tickets if possible,” the 9:30 Club, the concert venue in Washington, tweeted Friday. “For those with will call tickets, please head to our box office. Tickets will be available at the door! Thank you for your patience.”

Space Gallery, an arts venue in Portland, Maine, had to sell tickets at the door for a concert by Chicago multi-instrumentalist Nnamdi Ogbonnaya.

The primary fear for users involved in any major data breach is the idea that a hacker could use their information to commit identity fraud or to access their financial institutions. Troy Hunt, who runs the Have I Been Pwned? website, told the Associated Press this breach is not as dire as some, because IsHaKdZ did not take passwords.

In a conversation with Mashable, the hacker claimed to have warned Ticketfly of a vulnerability on its website and requested a ransom to fix it.

“[Yes] i asked them 1 bitcoin for protection. But I did not receive a reply from them,” the hacker told Mashable. The hacker also shared with the media outlet a large directory of spreadsheet files that seemed to contain personal data for Ticketfly customers and employees. Mashable said it confirmed some of the data was authentic.

Travis M. Andrews is a pop culture writer for The Washington Post. He joined The Post in 2016 as a reporter for Morning Mix. Previously, he was a travel and culture editor for Southern Living magazine and a pop culture and tech contributor for Mashable.

Post Recommends

Outbrain

We're glad you're enjoying The Washington Post.

Get access to this story, and every story, on the web and in our apps with our Basic Digital subscription.